Daily Ruleset Update Summary
Daily Ruleset Update Summary 2019/01/30

[***]            Summary:            [***]

2 new Open, 20 new Pro (2 + 18). Remcos, MSIL/PsiXBot, Win32/Carambis, Win32/Phorpiex, Various Phishing.

Thanks: Kevin Ross, @AttackDetection

[+++]          Added rules:          [+++]

Open:

2026862 - ET TROJAN [PTsecurity] Remcos RAT Checkin 87 (trojan.rules)
2026863 - ET INFO Possible RTF File With Obfuscated Version Header (info.rules)

Pro:

2834645 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-30 1) (trojan.rules)
2834646 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-01-30 2) (trojan.rules)
2834647 - ETPRO CURRENT_EVENTS Successful Rackspace Webmail Phish 2019-01-30 (current_events.rules)
2834648 - ETPRO CURRENT_EVENTS Successful Amazon Phish 2019-01-30 (current_events.rules)
2834649 - ETPRO CURRENT_EVENTS Successful Wells Phish 2019-01-30 (current_events.rules)
2834650 - ETPRO CURRENT_EVENTS Successful Microsoft Encrypted File Phish 2019-01-30 (current_events.rules)
2834651 - ETPRO CURRENT_EVENTS Successful Onedrive Phish 2019-01-30 (current_events.rules)
2834652 - ETPRO CURRENT_EVENTS Successful OneDrive Phish 2019-01-30 (current_events.rules)
2834653 - ETPRO CURRENT_EVENTS Successful IRS Phish 2019-01-30 (current_events.rules)
2834654 - ETPRO CURRENT_EVENTS Successful Docusign Phish 2019-01-30 (current_events.rules)
2834655 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-01-30 (current_events.rules)
2834656 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-30 (current_events.rules)
2834657 - ETPRO TROJAN MSIL/PsiXBot CnC Activity 2 (trojan.rules)
2834658 - ETPRO TROJAN VBS/Dunihi Inbound (trojan.rules)
2834659 - ETPRO MALWARE Win32/Carambis PUA Requesting Affiliate Software (malware.rules)
2834660 - ETPRO USER_AGENTS Win32/Carambis PUA User-Agent (user_agents.rules)
2834661 - ETPRO TROJAN Win32/Phorpiex Spambot Retreiving Payloads M1 (trojan.rules)
2834662 - ETPRO TROJAN Win32/Phorpiex Spambot Retreiving Payloads M2 (trojan.rules)

[///]     Modified active rules:     [///]

2008625 - ET P2P Pando Client User-Agent Detected (p2p.rules)
2026525 - ET TROJAN Win32/BlackCarat XORed (0x77) CnC Checkin (trojan.rules)
2822697 - ETPRO CURRENT_EVENTS MalDoc Downloader Retrieving Payload Oct 14 (current_events.rules)

Date:
Summary title:
2 new Open, 20 new Pro (2 + 18). Remcos, MSIL/PsiXBot, Win32/Carambis, Win32/Phorpiex, Various Phishing.